How to Detect Any Website's Tech Stack via API

Have you ever wondered what technologies power your favorite websites? Whether it's for competitive analysis, sales intelligence, or security research — knowing a site's tech stack is incredibly useful.

In this tutorial, I'll show you how to programmatically detect the tech stack behind any website using the DetectZeStack API.

What You'll Learn

• How to detect frameworks, CDNs, CMS platforms, and more from any URL
• How to batch-analyze multiple sites at once
• How to compare tech stacks between competitors
• How to track technology changes over time

How It Works

DetectZeStack combines multiple detection methods:

1. Wappalyzer fingerprinting — matches HTML patterns, headers, cookies, and scripts against 3,800+ known technology signatures
2. DNS CNAME fingerprinting — resolves CNAME records to identify CDNs and hosting providers (e.g., *.cloudfront.net → Amazon CloudFront)
3. TLS certificate analysis — identifies SSL/TLS providers from certificate issuer fields
4. Custom header matching — catches hosting platforms through proprietary HTTP headers

This multi-layered approach catches things that any single method would miss.

Getting Started

1. Get an API Key

Sign up at DetectZeStack on RapidAPI — the free tier gives you 100 requests/month, no credit card required.

2. Analyze Your First URL

cURL:

curl -s "https://detectzestack.p.rapidapi.com/analyze?url=github.com" \
  -H "X-RapidAPI-Key: YOUR_API_KEY" \
  -H "X-RapidAPI-Host: detectzestack.p.rapidapi.com"

Python:

import requests

url = "https://detectzestack.p.rapidapi.com/analyze"
params = {"url": "github.com"}
headers = {
    "X-RapidAPI-Key": "YOUR_API_KEY",
    "X-RapidAPI-Host": "detectzestack.p.rapidapi.com"
}

response = requests.get(url, headers=headers, params=params)
data = response.json()

for tech in data["technologies"]:
    print(f"{tech['name']} ({', '.join(tech['categories'])}) - {tech['confidence']}%")

JavaScript (Node.js):

const response = await fetch(
  "https://detectzestack.p.rapidapi.com/analyze?url=github.com",
  {
    headers: {
      "X-RapidAPI-Key": "YOUR_API_KEY",
      "X-RapidAPI-Host": "detectzestack.p.rapidapi.com",
    },
  }
);

const data = await response.json();
data.technologies.forEach((tech) => {
  console.log(`${tech.name} (${tech.categories.join(", ")}) - ${tech.confidence}%`);
});

Example Response

Here's what you get back for github.com:

{
  "url": "https://github.com",
  "domain": "github.com",
  "technologies": [
    {
      "name": "React",
      "categories": ["JavaScript frameworks"],
      "confidence": 100,
      "description": "React is an open-source JavaScript library for building user interfaces or UI components.",
      "website": "https://reactjs.org",
      "icon": "React.svg",
      "cpe": "cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*"
    },
    {
      "name": "Amazon S3",
      "categories": ["CDN"],
      "confidence": 100,
      "description": "Amazon S3 or Amazon Simple Storage Service...",
      "website": "https://aws.amazon.com/s3/",
      "icon": "Amazon S3.svg"
    },
    {
      "name": "Sectigo",
      "categories": ["SSL/TLS certificate authority"],
      "confidence": 70
    }
  ],
  "categories": {
    "JavaScript frameworks": ["React"],
    "CDN": ["Amazon S3"],
    "SSL/TLS certificate authority": ["Sectigo"]
  },
  "meta": {
    "status_code": 200,
    "tech_count": 7
  },
  "cached": false,
  "response_ms": 3192
}

Notice the confidence field — technologies detected via wappalyzer fingerprinting have 100% confidence, while TLS-based detections (like Sectigo) have 70%. This helps you weigh results appropriately.

Batch Analysis

Need to analyze multiple sites? The batch endpoint handles up to 10 URLs concurrently:

curl -s "https://detectzestack.p.rapidapi.com/analyze/batch" \
  -X POST \
  -H "Content-Type: application/json" \
  -H "X-RapidAPI-Key: YOUR_API_KEY" \
  -H "X-RapidAPI-Host: detectzestack.p.rapidapi.com" \
  -d '{"urls": ["github.com", "stripe.com", "shopify.com"]}'

Want CSV output instead? Add ?format=csv or set Accept: text/csv:

curl -s "https://detectzestack.p.rapidapi.com/analyze/batch?format=csv" \
  -X POST \
  -H "Content-Type: application/json" \
  -H "X-RapidAPI-Key: YOUR_API_KEY" \
  -H "X-RapidAPI-Host: detectzestack.p.rapidapi.com" \
  -d '{"urls": ["github.com", "stripe.com"]}'

This returns a CSV with columns: URL, Domain, Technology, Category, Confidence, Error — perfect for spreadsheet analysis.

Compare Competitors

The /compare endpoint shows shared and unique technologies between sites:

import requests

url = "https://detectzestack.p.rapidapi.com/compare"
headers = {
    "X-RapidAPI-Key": "YOUR_API_KEY",
    "X-RapidAPI-Host": "detectzestack.p.rapidapi.com",
    "Content-Type": "application/json"
}

response = requests.post(url, headers=headers, json={
    "urls": ["shopify.com", "bigcommerce.com"]
})

data = response.json()

print("Shared technologies:", data["shared"])
for domain in data["domains"]:
    print(f"\n{domain['domain']} unique: {domain['unique']}")

Track Changes Over Time

Every analysis is stored. Query the /history endpoint to see how a site's stack evolves:

curl -s "https://detectzestack.p.rapidapi.com/history?domain=github.com&limit=5" \
  -H "X-RapidAPI-Key: YOUR_API_KEY" \
  -H "X-RapidAPI-Host: detectzestack.p.rapidapi.com"

Webhook Notifications

Want to be notified when a domain's tech stack changes? Set up a webhook:

curl -s "https://detectzestack.p.rapidapi.com/webhooks" \
  -X POST \
  -H "Content-Type: application/json" \
  -H "X-RapidAPI-Key: YOUR_API_KEY" \
  -H "X-RapidAPI-Host: detectzestack.p.rapidapi.com" \
  -d '{"domain": "competitor.com", "webhook_url": "https://your-server.com/webhook"}'

You'll receive a tech_stack.analyzed event with HMAC-signed payloads every time that domain is analyzed.

Check Your Usage

Monitor your API consumption with the /stats endpoint:

curl -s "https://detectzestack.p.rapidapi.com/stats" \
  -H "X-RapidAPI-Key: YOUR_API_KEY" \
  -H "X-RapidAPI-Host: detectzestack.p.rapidapi.com"

This returns your usage counts, top analyzed domains, daily usage trends, and cache hit rates.

Pricing

Tier	Requests/month	Price
Free	100	$0
Basic	5,000	Check RapidAPI
Pro	25,000	Check RapidAPI
Business	100,000	Check RapidAPI

Results are cached for 24 hours, so repeated lookups for the same domain don't count against your quota.

Use Cases

• Competitive intelligence: See what frameworks and tools your competitors use
• Lead enrichment: Enrich CRM leads with technology data (e.g., find all companies using Shopify)
• Security auditing: Identify outdated technologies and known-vulnerable components via CPE identifiers
• Market research: Track technology adoption trends across industries

Resources

• API Documentation (OpenAPI)
• RapidAPI Listing
• Landing Page

---

DetectZeStack detects 3,800+ technologies using wappalyzer fingerprinting, DNS analysis, TLS certificates, and custom header matching. Try it free at RapidAPI.